- The Iranian internet was shut down by 25% in order to repel DDoS attacks against critical infrastructure.
- The authorities cannot put the blame on any state-supported actors, as they detected multiple attack sources.
- The Iranian space programme also took a blow, by failing to put “Zefar” in stable low-Earth orbit.
According to a report by the NetBlocks internet observatory, the internet in Iran was partially shut down on Saturday morning and remained like that for several hours. The connectivity problems affected several Iranian network operators and both cellular and fixed-line infrastructure. At the peak of the attacks, 25% of the country’s internet went completely offline. According to the statements made by government officials later, this partial shutdown was their decision and not a direct result of hacker attacks, as they had to take several systems offline to protect them from the ongoing cyber strikes.
Confirmed: Internet partially shut down #Iran from 11:45 a.m. local time (08:15 UTC); real-time network data show national connectivity fall to 75% after authorities reportedly activated "Digital Fortress" isolation mechanism; incident ongoing 📉
— NetBlocks.org (@netblocks) February 8, 2020
More specifically, officials from the ICT (Information and Communications Technology) ministry have stated that the type of the attack was that of a Distributed Denial of Service (DDoS), and was successfully repelled by Iran’s Digital Fortress (Dzhafa). It is hard to say if these statements are accurate or not, but by correlating them with the evidence, the disruptions seem to be a result of an external attack. Iran is known to impose internet blocks to control widespread public protests or to censor information sources, but this time, this is not the case.
Some internet service providers restored their operation completely within a couple of hours, but for others, it took until Sunday to do so. This was a great example of the damage that can be done through cyber-warfare and the impact that these attacks can have on the economy of nations. As for the actors behind this attack, Iranian officials cannot point any fingers this time. DDoS attacks are highly distributed and come from multiple sources, so this doesn’t seem to be the work of state-sponsored actors. Iran has an ongoing conflict with the United States ever since the latter decided to murder General Qassem Soleimani, so some have rushed to put the blame on US hackers. However, there’s no evidence to back this suggestion right now.
Regardless of the attribution, this attack is just another episode in a long series of cyberattacks that take place on the global scene. To make matters worse for Iran, their “Zafar” observation satellite that was launched on Sunday failed to achieve a stable orbit. We don’t know if this is related to the cyber-attacks or not, but the internet disruption has caused a one-day delay in the space programme, which could have had an adverse effect on the final result. The US always saw “Zafar” as a cover for missile development, so they definitely didn’t want it up in space.